Making Memory Account Accountable: Analyzing and Detecting Memory Missing-account bugs for Container Platforms

Yutian Yang; Wenbo Shen; Xun Xie; Kangjie Lu; Mingsen Wang; Tianyu Zhou; Chenggang Qin; Wang Yu; Kui Ren

doi:10.1145/3564625.3564634

Making Memory Account Accountable: Analyzing and Detecting Memory Missing-account bugs for Container Platforms

Yutian Yang, Wenbo Shen, Xun Xie, Kangjie Lu, Mingsen Wang, Tianyu Zhou, Chenggang Qin, Wang Yu, Kui Ren

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Linux kernel introduces the memory control group (memcg) to account and confine memory usage at the process-level. Due to its flexibility and efficiency, memcg has been widely adopted by container platforms and has become a fundamental technique. While being critical, memory accounting is prone to missing-account bugs due to the diverse memory accounting interfaces and the massive amount of allocation/free paths. To our knowledge, there is still no systematic analysis against the memory missing-account problem, with respect to its security impacts, detection, etc. In this paper, we present the first systematic study on the memory missing-account problem. We first perform an in-depth analysis of its exploitability and security impacts on container platforms. We then develop a tool named MANTA (short for Memory AccouNTing Analyzer), which combines both static and dynamic analysis techniques to detect and validate memory missing-account bugs automatically. Our analysis shows that all container runtimes, including runC and Kata container, are vulnerable to memory missing-account-based attacks. Moreover, memory missing-account can be exploited to attack the Docker, the CaaS, and the FaaS platforms, leading to memory exhaustion, which crashes individual node or even the whole cluster. Our tool reports 53 exploitable memory missing-account bugs, 37 of which were confirmed by kernel developers with the corresponding patches submitted, and two new CVEs are assigned. Through the in-depth analysis, automated detection, the reported bugs and the submitted patches, we believe our research improves the correctness and security of memory accounting for container platforms.

Original language	English (US)
Title of host publication	Proceedings - 38th Annual Computer Security Applications Conference, ACSAC 2022
Publisher	Association for Computing Machinery
Pages	869-880
Number of pages	12
ISBN (Electronic)	9781450397599
DOIs	https://doi.org/10.1145/3564625.3564634
State	Published - Dec 5 2022
Externally published	Yes
Event	38th Annual Computer Security Applications Conference, ACSAC 2022 - Austin, United States Duration: Dec 5 2022 → Dec 9 2022

Publication series

Name	ACM International Conference Proceeding Series

Conference

Conference	38th Annual Computer Security Applications Conference, ACSAC 2022
Country/Territory	United States
City	Austin
Period	12/5/22 → 12/9/22

Bibliographical note

Funding Information:
The authors would like to thank all reviewers for insightful comments. This work is partially supported by the National Natural Science Foundation of China (Grants No. 62002317), by the National Key R&D Program of China (Grant No. 2020AAA0107700), by the Leading Innovative and Entrepreneur Team Introduction Program of Zhejiang (Grant No. 2018R01005), and by the Ant Group Funds for Security Research.

Publisher Copyright:
© 2022 ACM.

Keywords

Cloud infrastructure
DoS attack
Linux kernel
memory accounting
missing-account

Publisher link

10.1145/3564625.3564634

Find It

Find It at U of M Libraries

Cite this

Yang, Y., Shen, W., Xie, X., Lu, K., Wang, M., Zhou, T., Qin, C., Yu, W., & Ren, K. (2022). Making Memory Account Accountable: Analyzing and Detecting Memory Missing-account bugs for Container Platforms. In Proceedings - 38th Annual Computer Security Applications Conference, ACSAC 2022 (pp. 869-880). (ACM International Conference Proceeding Series). Association for Computing Machinery. https://doi.org/10.1145/3564625.3564634

Making Memory Account Accountable: Analyzing and Detecting Memory Missing-account bugs for Container Platforms. / Yang, Yutian; Shen, Wenbo; Xie, Xun et al.
Proceedings - 38th Annual Computer Security Applications Conference, ACSAC 2022. Association for Computing Machinery, 2022. p. 869-880 (ACM International Conference Proceeding Series).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Yang, Y, Shen, W, Xie, X, Lu, K, Wang, M, Zhou, T, Qin, C, Yu, W & Ren, K 2022, Making Memory Account Accountable: Analyzing and Detecting Memory Missing-account bugs for Container Platforms. in Proceedings - 38th Annual Computer Security Applications Conference, ACSAC 2022. ACM International Conference Proceeding Series, Association for Computing Machinery, pp. 869-880, 38th Annual Computer Security Applications Conference, ACSAC 2022, Austin, United States, 12/5/22. https://doi.org/10.1145/3564625.3564634

Yang Y, Shen W, Xie X, Lu K, Wang M, Zhou T et al. Making Memory Account Accountable: Analyzing and Detecting Memory Missing-account bugs for Container Platforms. In Proceedings - 38th Annual Computer Security Applications Conference, ACSAC 2022. Association for Computing Machinery. 2022. p. 869-880. (ACM International Conference Proceeding Series). doi: 10.1145/3564625.3564634

@inproceedings{37cb33594d9349d78591a40179ba2fe3,

title = "Making Memory Account Accountable: Analyzing and Detecting Memory Missing-account bugs for Container Platforms",

abstract = "Linux kernel introduces the memory control group (memcg) to account and confine memory usage at the process-level. Due to its flexibility and efficiency, memcg has been widely adopted by container platforms and has become a fundamental technique. While being critical, memory accounting is prone to missing-account bugs due to the diverse memory accounting interfaces and the massive amount of allocation/free paths. To our knowledge, there is still no systematic analysis against the memory missing-account problem, with respect to its security impacts, detection, etc. In this paper, we present the first systematic study on the memory missing-account problem. We first perform an in-depth analysis of its exploitability and security impacts on container platforms. We then develop a tool named MANTA (short for Memory AccouNTing Analyzer), which combines both static and dynamic analysis techniques to detect and validate memory missing-account bugs automatically. Our analysis shows that all container runtimes, including runC and Kata container, are vulnerable to memory missing-account-based attacks. Moreover, memory missing-account can be exploited to attack the Docker, the CaaS, and the FaaS platforms, leading to memory exhaustion, which crashes individual node or even the whole cluster. Our tool reports 53 exploitable memory missing-account bugs, 37 of which were confirmed by kernel developers with the corresponding patches submitted, and two new CVEs are assigned. Through the in-depth analysis, automated detection, the reported bugs and the submitted patches, we believe our research improves the correctness and security of memory accounting for container platforms.",

keywords = "Cloud infrastructure, DoS attack, Linux kernel, memory accounting, missing-account",

author = "Yutian Yang and Wenbo Shen and Xun Xie and Kangjie Lu and Mingsen Wang and Tianyu Zhou and Chenggang Qin and Wang Yu and Kui Ren",

note = "Funding Information: The authors would like to thank all reviewers for insightful comments. This work is partially supported by the National Natural Science Foundation of China (Grants No. 62002317), by the National Key R&D Program of China (Grant No. 2020AAA0107700), by the Leading Innovative and Entrepreneur Team Introduction Program of Zhejiang (Grant No. 2018R01005), and by the Ant Group Funds for Security Research. Publisher Copyright: {\textcopyright} 2022 ACM.; 38th Annual Computer Security Applications Conference, ACSAC 2022 ; Conference date: 05-12-2022 Through 09-12-2022",

year = "2022",

month = dec,

day = "5",

doi = "10.1145/3564625.3564634",

language = "English (US)",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery",

pages = "869--880",

booktitle = "Proceedings - 38th Annual Computer Security Applications Conference, ACSAC 2022",

}

TY - GEN

T1 - Making Memory Account Accountable

T2 - 38th Annual Computer Security Applications Conference, ACSAC 2022

AU - Yang, Yutian

AU - Shen, Wenbo

AU - Xie, Xun

AU - Lu, Kangjie

AU - Wang, Mingsen

AU - Zhou, Tianyu

AU - Qin, Chenggang

AU - Yu, Wang

AU - Ren, Kui

N1 - Funding Information: The authors would like to thank all reviewers for insightful comments. This work is partially supported by the National Natural Science Foundation of China (Grants No. 62002317), by the National Key R&D Program of China (Grant No. 2020AAA0107700), by the Leading Innovative and Entrepreneur Team Introduction Program of Zhejiang (Grant No. 2018R01005), and by the Ant Group Funds for Security Research. Publisher Copyright: © 2022 ACM.

PY - 2022/12/5

Y1 - 2022/12/5

N2 - Linux kernel introduces the memory control group (memcg) to account and confine memory usage at the process-level. Due to its flexibility and efficiency, memcg has been widely adopted by container platforms and has become a fundamental technique. While being critical, memory accounting is prone to missing-account bugs due to the diverse memory accounting interfaces and the massive amount of allocation/free paths. To our knowledge, there is still no systematic analysis against the memory missing-account problem, with respect to its security impacts, detection, etc. In this paper, we present the first systematic study on the memory missing-account problem. We first perform an in-depth analysis of its exploitability and security impacts on container platforms. We then develop a tool named MANTA (short for Memory AccouNTing Analyzer), which combines both static and dynamic analysis techniques to detect and validate memory missing-account bugs automatically. Our analysis shows that all container runtimes, including runC and Kata container, are vulnerable to memory missing-account-based attacks. Moreover, memory missing-account can be exploited to attack the Docker, the CaaS, and the FaaS platforms, leading to memory exhaustion, which crashes individual node or even the whole cluster. Our tool reports 53 exploitable memory missing-account bugs, 37 of which were confirmed by kernel developers with the corresponding patches submitted, and two new CVEs are assigned. Through the in-depth analysis, automated detection, the reported bugs and the submitted patches, we believe our research improves the correctness and security of memory accounting for container platforms.

AB - Linux kernel introduces the memory control group (memcg) to account and confine memory usage at the process-level. Due to its flexibility and efficiency, memcg has been widely adopted by container platforms and has become a fundamental technique. While being critical, memory accounting is prone to missing-account bugs due to the diverse memory accounting interfaces and the massive amount of allocation/free paths. To our knowledge, there is still no systematic analysis against the memory missing-account problem, with respect to its security impacts, detection, etc. In this paper, we present the first systematic study on the memory missing-account problem. We first perform an in-depth analysis of its exploitability and security impacts on container platforms. We then develop a tool named MANTA (short for Memory AccouNTing Analyzer), which combines both static and dynamic analysis techniques to detect and validate memory missing-account bugs automatically. Our analysis shows that all container runtimes, including runC and Kata container, are vulnerable to memory missing-account-based attacks. Moreover, memory missing-account can be exploited to attack the Docker, the CaaS, and the FaaS platforms, leading to memory exhaustion, which crashes individual node or even the whole cluster. Our tool reports 53 exploitable memory missing-account bugs, 37 of which were confirmed by kernel developers with the corresponding patches submitted, and two new CVEs are assigned. Through the in-depth analysis, automated detection, the reported bugs and the submitted patches, we believe our research improves the correctness and security of memory accounting for container platforms.

KW - Cloud infrastructure

KW - DoS attack

KW - Linux kernel

KW - memory accounting

KW - missing-account

UR - http://www.scopus.com/inward/record.url?scp=85144022002&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85144022002&partnerID=8YFLogxK

U2 - 10.1145/3564625.3564634

DO - 10.1145/3564625.3564634

M3 - Conference contribution

AN - SCOPUS:85144022002

T3 - ACM International Conference Proceeding Series

SP - 869

EP - 880

BT - Proceedings - 38th Annual Computer Security Applications Conference, ACSAC 2022

PB - Association for Computing Machinery

Y2 - 5 December 2022 through 9 December 2022

ER -

Making Memory Account Accountable: Analyzing and Detecting Memory Missing-account bugs for Container Platforms

Abstract

Publication series

Conference

Bibliographical note

Keywords

Publisher link

Find It

Other files and links

Fingerprint

Cite this